A prototype framework for providing hop-by-hop security in an experimentally deployed active network

Realizing large-scale active networks is heavily contingent upon addressing security concerns at the outset. Various approaches have been taken toward integrating security within an active node, each defining the mechanisms required to be in place within the node OS or the execution environment in order to provide security guarantees within the system. An acceptable short-term solution to security while deploying an active network in practical testbeds such as the Abone is to divide security concerns into two classes: hop-by-hop and end-to-end. This paper describes an architecture for setting up hop-by-hop packet authentication and integrity using non-active, "off-the-shelf" security components. The intent is for the framework to be generic enough to serve as an aid in securely deploying any new technology requiring mediated node-node security associations including, but not limited to active networks